19 September 2016
===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2016.2203
IKEv1 Information Disclosure Vulnerability in Multiple Cisco Products
19 September 2016
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           Cisco IOS
                   Cisco IOS XE
                   Cisco IOS XR
Publisher:         Cisco Systems
Operating System:  Cisco
Impact/Access:     Access Confidential Data -- Remote/Unauthenticated
Resolution:        Mitigation
CVE Names:         CVE-2016-6415

Original Bulletin:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160916-ikev1

Comment: There is proof of concept code publicly available. Cisco will be
releasing patches.

Administrators are advised to implement an intrusion prevention system
(IPS) or intrusion detection system (IDS) to help detect and prevent
attacks that attempt to exploit this vulnerability.

Administrators are advised to monitor affected systems.

--------------------------BEGIN INCLUDED TEXT--------------------

Cisco Security Advisory: IKEv1 Information Disclosure Vulnerability in
Multiple Cisco Products

Advisory ID: cisco-sa-20160916-ikev1

Revision 1.0

For Public Release 2016 September 16 16:00 GMT

Summary
=======

A vulnerability in IKEv1 packet processing code in Cisco IOS, Cisco IOS XE
and Cisco IOS XR Software could allow an unauthenticated, remote attacker
to retrieve memory contents, which could lead to the disclosure of
confidential information.

The vulnerability is due to insufficient condition checks in the part of
the code that handles IKEv1 security negotiation requests. An attacker
could exploit this vulnerability by sending a crafted IKEv1 packet to an
affected device configured to accept IKEv1 security negotiation requests.
A successful exploit could allow the attacker to retrieve memory contents,
which could lead to the disclosure of confidential information.

Cisco will release software updates that address this vulnerability. There
are no workarounds that address this vulnerability.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160916-ikev1

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to email@example.com
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content.
The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your
organisation's site policies and procedures. AusCERT takes no
responsibility for consequences which may arise from following or acting
on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: firstname.lastname@example.org
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
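
For the monitoring advice in the bulletin comment, a triage helper that lists IKEv1 negotiation requests arriving from sources outside an expected VPN-peer list; this is an added example, not code from Cisco or AusCERT. It reads only the fixed ISAKMP header (RFC 2408) and the NAT-T marker on UDP 4500, and encodes no signature for CVE-2016-6415 because the bulletin gives no packet details. The function names, the allowlist and the sample datagrams are assumptions constructed for illustration.

```python
import ipaddress
import struct

ISAKMP_HDR = struct.Struct("!8s8sBBBBII")           # RFC 2408 fixed header, 28 bytes
EXCHANGES = {2: "main-mode", 4: "aggressive-mode"}  # IKEv1 phase 1 exchange types

def parse_isakmp(payload, dst_port=500):
    """Return ISAKMP header fields of a UDP payload, or None if it is not IKE."""
    if dst_port == 4500:                   # NAT-T: IKE follows a 4-byte zero marker
        if payload[:4] != b"\x00" * 4:
            return None                    # ESP-in-UDP, not an IKE message
        payload = payload[4:]
    if len(payload) < ISAKMP_HDR.size:
        return None
    _ic, rcookie, _np, ver, xchg, _fl, _mid, _len = ISAKMP_HDR.unpack_from(payload)
    # A zero responder cookie marks the first message of a new negotiation.
    return {"major": ver >> 4, "exchange": xchg, "initial": rcookie == b"\x00" * 8}

def unexpected_ikev1_requests(datagrams, known_peers):
    """Return (src, exchange) for IKEv1 initial requests from non-allowlisted sources."""
    nets = [ipaddress.ip_network(p) for p in known_peers]
    hits = []
    for src, dst_port, payload in datagrams:
        hdr = parse_isakmp(payload, dst_port)
        if hdr is None or hdr["major"] != 1 or not hdr["initial"]:
            continue                       # not IKE, IKEv2, or a later message
        if any(ipaddress.ip_address(src) in n for n in nets):
            continue                       # expected VPN peer
        hits.append((src, EXCHANGES.get(hdr["exchange"], f"exchange-{hdr['exchange']}")))
    return hits

def _hdr(version, rcookie=b"\x00" * 8, xchg=2):
    # Constructed sample header (not captured traffic): next payload 1 = SA
    return ISAKMP_HDR.pack(b"\x11" * 8, rcookie, 1, version, xchg, 0, 0, 28)

SAMPLE = [  # constructed (source, UDP dst port, payload); RFC 5737 addresses
    ("192.0.2.10", 500, _hdr(0x10)),                         # allowlisted peer
    ("203.0.113.7", 500, _hdr(0x10, xchg=4)),                # unknown source, IKEv1
    ("203.0.113.8", 500, _hdr(0x20, xchg=34)),               # unknown source, IKEv2
    ("198.51.100.5", 4500, b"\x00" * 4 + _hdr(0x10)),        # unknown source, NAT-T
    ("198.51.100.6", 500, _hdr(0x10, rcookie=b"\x22" * 8)),  # later message
]

if __name__ == "__main__":
    for src, kind in unexpected_ikev1_requests(SAMPLE, ["192.0.2.0/24"]):
        print(f"review: IKEv1 {kind} request from {src}")
```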